Free Malware Removal Forum

Welcome to MalwareRemoval.com,What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

I wonder if anyone can please help or advise me? I am very limited in my knowledge of spyware and I am not too hot on the XP operating system - I'm just a novice! That's why I found this forum for help.

I have been having a few problems - well I think I might be?

I have noticed recently when I click on a link to go to a web page, or open the browser, the page opens as normal - but perhaps a little slower than normal. Also the information you normally see in the left-hand corner of browser, displays the address of the page being opened etc.. that's all normal I believe?

However I then get this - opening page about:blank... This comes after the information tells you which www. page is being opened. ie. opening page http://www.yahoo.com then you see : opening page about blank... As this happens the progress / download bar reloads (at botttom of browser).

Is this normal? It's just I have never previously noticed this! Am I being paranoid or what? Is my page being redirected somewhere or is someone monitoring my activities? A hacker perhaps? The system seems slow and sluggish also - more than normal!

I have run spybot, adaware, Spyware doctor, Microsoft Antispyware, Ewido plus a couple of others. Some have found things and removed them, but I still get the same message in the browser - opening page about: blank...

I have run the programme HighJackThis and have included a log file if that helps?

As we work together to resolve you problem please read the instructions carefully. You may wish to print them off or copy them into Notepad.
If you have question please don't hesitate to ask.
Since there may other issues than those you reported please continue to follow this thread until I have given you an "All Clean."

Nothing really jumps out that would cause your about:blank. You do have some items that can be fixed.

Ready? Let's go.
====================

You currently are running HijackThis from a Temporary location: When we clean out the temp files it will take HJT along with it. C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

Please make a folder here: c:\HJTand place HijackThis in that folder.
DO NOT follow the steps below until you have moved HijackThis
====================

You have SpySweeper installed. While this is a great program, we need to temporarily disable (not uninstall) the program because it might stop our fix. Be sure to re-enable after the fix is complete

To disable SpySweeper:

Open SpySweeper
Click Options over to the left
Then program options >Uncheck "load at windows startup.
Over to the left click shields and uncheck all there.
Uncheck home page shield.
Uncheck automaticly restore default without notification.
====================

Start HijackThis as you did to generate a log, but this time click on 'Do a system scan only'.
Place a checkmark in the boxes to the left of the following entries, by clicking on them:
R3 - URLSearchHook: (no name) - <default> - (no file) R3 - URLSearchHook: ScriptInocUI Class - - (no file) O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll <<< OptionalO4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXEO16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - <http://software-dl.real.com/16bce870f42c3ef5cf05/netzip/RdxIE601.cab> O17 - HKLM\System\CCS\Services\Tcpip\..\{DBB56F14-3CB2-4DC2-A999-CEDDEC55FD1E}: NameServer = 195.92.195.94 195.92.195.95 <<<Do you recognize energis.com? If so leave this 017 line alone

CLOSE ALL OPEN WINDOWS AND BROWSERS - EXCEPT HJT and click on Fix checked=====================

Please print the instructions below or copy and paste to Notepad since you will not have internet access while in safe mode.
Then reboot your computer
As soon as it starts to boot, rapidly press the f8 key.
Select Safe Mode from the menu
If you are still unsure, see here=====================

The rest are optional - if you want to remove the lot, check "Select All".
Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.
====================

Run ewido Malware Remover

Click on ScannerClick on Complete System Scan and the scan will begin.
While the scan is in progress you will be prompted to clean files, click OKSelect "none" as the action. Check "Perform action with all infections".
Once the scan has completed, there will be a button located on the bottom of the screen named Save report - click it.
Save the report.txt file to your desktop.

Now close ewido security suite.

Warning: While the scan is in progress, DO NOT open any folders or the Windows Control Panel !!
====================

1. Click on "Kapersky Online Scanner"
2. A new smaller window will pop up. Press on "Accept". After reading the contents.
3. Now Kapersky will update the anti-virus database. Let it run.
4. Click on "Next">"Scan Settings", and make sure the database is set to "extended". And check both the scan options. Then click OK.
5. Then click on "My Computer". And the scan will start.
6. Once finished, save a log as ".txt" to the desktop. And restart.
====================

Please post the following in your reply

HJT Log
ewido Log
Kapersky Log
Let me know if you are still having problems with the browser

Do not bother contacting us if you are not the topic starter. A valid,
working link to the closed topic is required along with the user name used.
If the user name does not match the one in the thread linked, the email will be deleted.

Who is online

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.